At a glance:

Endpoint Vulnerability

Event manipulation in plugin handler to bypass same-origin policy

Description

Mozilla security researcher Jesse Ruderman reported that events in the plugin handler can be manipulated by web content to bypass same-origin policy (SOP) restrictions. This can allow for clickjacking on malicious web pages.